backdoor.win32.hupigon.kydf

#1
joe joe
My antivirus popped up today with "backdoor.win32.hupigon.kydf". I've done some research into it, and found where the antivirus said it was. However:

It says the location is in the System Volume Information folder; however, it says "access is denied" when I try to open the folder (I've got "show hidden files" checked and "hide operating system files" unchecked). However, when I hover over the folder it says "folder is empty"?

Another thing is that I've unchecked the "read only" option via right-click and Properties, but it always resets once I've clicked Apply.

Since then I've been doing the steps as told, but the Malwarebytes scan didn't show anything up, but I'm sure I still have the virus.
#2
joe joe
Here is the OTL log:

OTL logfile created on: 21/05/2010 20:23:07 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 205.33 Gb Free Space | 88.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/21 20:22:43 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/05/20 11:57:08 | 000,686,256 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2010/05/20 11:57:07 | 000,494,256 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2010/04/02 12:03:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:10:12 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/02/02 00:15:02 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:15:00 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/03 02:05:52 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/03 02:05:52 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/03 02:05:52 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/03 02:05:51 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/03 02:05:51 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/20 19:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/05 22:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/09 11:20:02 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2008/10/09 11:19:48 | 000,162,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FNRB32.exe
PRC - [2008/10/09 11:19:48 | 000,101,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FIH32.exe
PRC - [2008/10/09 11:19:40 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMB32.EXE
PRC - [2008/10/09 11:19:38 | 000,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FAMEH32.EXE
PRC - [2008/10/09 11:19:38 | 000,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSM32.EXE
PRC - [2008/10/09 11:19:38 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FCH32.EXE
PRC - [2008/10/09 11:19:38 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\common\FSMA32.EXE
PRC - [2008/10/09 11:19:14 | 000,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSGUI\fsguidll.exe
PRC - [2008/10/09 11:18:38 | 000,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
PRC - [2008/10/09 11:18:12 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2008/10/09 11:18:12 | 000,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
PRC - [2008/10/09 11:18:08 | 000,347,232 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2008/10/09 11:17:46 | 000,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe


========== Modules (SafeList) ==========

MOD - [2010/05/21 20:22:43 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2009/04/20 19:16:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/08/03 02:05:52 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/03 02:05:51 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/10/09 11:20:02 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2008/10/09 11:19:48 | 000,162,456 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2008/10/09 11:19:38 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2008/10/09 11:18:38 | 000,510,560 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2008/10/09 11:18:12 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/10/09 11:17:46 | 000,490,080 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA)


========== Driver Services (SafeList) ==========

DRV - [2010/05/08 10:17:42 | 000,113,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/05/08 10:17:24 | 000,033,920 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/01/22 23:49:45 | 000,138,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/08/03 02:06:09 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/08/03 02:06:06 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/03 02:06:05 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/04/20 19:31:58 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide1.sys -- (amdide1)
DRV - [2008/10/09 11:19:28 | 000,066,720 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2008/10/09 11:18:38 | 000,079,872 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008/10/09 11:18:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2008/10/09 11:18:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2008/04/17 09:33:00 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/29 07:21:53 | 002,873,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/20 12:09:22 | 000,104,320 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1572363
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 10 ED 94 CC 66 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 23:03:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 09:21:24 | 000,000,000 | ---D | M]

[2009/08/03 02:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/21 11:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9sgy7ee.default\extensions
[2009/11/01 16:14:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9sgy7ee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/06 19:07:30 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9sgy7ee.default\searchplugins\conduit.xml
[2010/05/21 11:29:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/29 17:09:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2009/08/03 01:52:42 | 000,318,433 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10922 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/03 01:33:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/03 01:33:23 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/21 19:04:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/05/21 18:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2010/05/21 16:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/05/21 16:39:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/21 16:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/21 16:39:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/21 16:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\windows nt
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/05/21 13:06:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/05/15 21:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/15 21:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/14 09:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\sam
[2010/05/14 09:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/05/14 09:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/14 09:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/05/14 09:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/14 09:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/14 09:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/14 09:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\OpenOffice.org 3.2 (en-GB) Installation Files
[2010/05/08 10:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\F-Secure
[2010/05/08 10:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure
[2010/05/08 10:07:54 | 000,079,872 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys
[2010/05/08 10:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/05/08 10:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010/05/08 10:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2010/04/28 14:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Atherprice
[2010/03/29 17:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/24 23:56:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2010/03/23 22:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BrockBandit
[2010/03/05 17:18:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/05 15:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/02/27 22:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ebay
[2010/02/27 14:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2010/02/27 14:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help
[2010/02/27 14:17:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

========== Files - Modified Within 90 Days ==========

[2010/05/21 20:16:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/21 20:15:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/21 20:15:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/21 20:12:46 | 001,578,148 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/05/21 19:09:09 | 000,041,712 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 19:08:29 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/21 19:07:40 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/05/21 19:06:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/05/21 19:01:35 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer The First Decade.lnk
[2010/05/21 18:36:12 | 060,234,106 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/21 16:40:03 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 22:57:47 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/16 15:17:45 | 000,010,538 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fitness Joe.odt
[2010/05/14 09:25:13 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/05/14 09:23:47 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/14 08:17:11 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\covering letter receptionist.doc
[2010/05/14 08:17:06 | 000,024,579 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CV.odt
[2010/05/10 11:41:49 | 000,161,940 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\History.pdf
[2010/05/08 10:17:24 | 000,033,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/05/08 10:07:54 | 000,530,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/08 10:07:54 | 000,448,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/08 10:07:54 | 000,074,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 14:42:12 | 002,323,053 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\P4290569.JPG
[2010/04/28 14:56:14 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 13:39:06 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/07 09:47:01 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/03/23 15:33:22 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2010/03/07 14:00:42 | 000,009,264 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fLyQOPd8

========== Files Created - No Company Name ==========

[2010/05/21 19:03:18 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/05/21 19:03:17 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/21 19:03:16 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/05/21 19:03:09 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/05/21 19:03:09 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/05/21 19:03:08 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qasf.dll
[2010/05/21 19:03:07 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/05/21 19:03:05 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/05/21 19:03:05 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/05/21 19:03:05 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/05/21 19:03:04 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010/05/21 19:03:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/05/21 19:03:03 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/05/21 19:03:03 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/05/21 19:01:35 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Command & Conquer The First Decade.lnk
[2010/05/21 16:40:03 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/16 15:06:45 | 000,010,538 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fitness Joe.odt
[2010/05/14 09:25:13 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/05/14 09:23:47 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/05/14 08:17:11 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\covering letter receptionist.doc
[2010/05/14 08:17:05 | 000,024,579 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CV.odt
[2010/05/10 11:41:48 | 000,161,940 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\History.pdf
[2010/05/08 10:17:24 | 000,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/04/28 14:56:35 | 002,323,053 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\P4290569.JPG
[2010/04/07 09:47:01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/03/12 13:22:28 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/05 15:25:22 | 000,009,264 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fLyQOPd8
[2010/03/03 13:46:35 | 012,058,624 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/08/24 19:26:07 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/08/24 18:35:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 01:41:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/03 01:41:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/08/03 01:41:08 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/03 01:41:08 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/03 01:41:07 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/03 01:41:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/20 19:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

========== LOP Check ==========

[2010/05/08 10:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/05/08 10:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/08/03 04:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/08 10:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F-Secure
[2010/05/09 13:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\id Software
[2010/01/23 21:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
[2010/05/14 09:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2009/08/07 04:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2010/03/30 00:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tibia
[2010/01/03 17:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TS3Client
[2010/03/05 15:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/03/16 20:36:40 | 001,347,346 | ---- | M] () -- C:\Apr2005_d3dx9_25_x64.cab
[2009/03/16 20:36:42 | 001,078,954 | ---- | M] () -- C:\Apr2005_d3dx9_25_x86.cab
[2009/03/16 20:36:38 | 001,397,830 | ---- | M] () -- C:\Apr2006_d3dx9_30_x64.cab
[2009/03/16 20:36:44 | 001,115,221 | ---- | M] () -- C:\Apr2006_d3dx9_30_x86.cab
[2009/03/16 20:36:38 | 000,916,422 | ---- | M] () -- C:\Apr2006_MDX1_x86.cab
[2009/03/16 20:36:48 | 004,162,622 | ---- | M] () -- C:\Apr2006_MDX1_x86_Archive.cab
[2009/03/16 20:36:28 | 000,179,125 | ---- | M] () -- C:\Apr2006_XACT_x64.cab
[2009/03/16 20:36:20 | 000,133,095 | ---- | M] () -- C:\Apr2006_XACT_x86.cab
[2009/03/16 20:36:16 | 000,087,093 | ---- | M] () -- C:\Apr2006_xinput_x64.cab
[2009/03/16 20:36:12 | 000,046,002 | ---- | M] () -- C:\Apr2006_xinput_x86.cab
[2009/03/16 20:36:34 | 000,698,612 | ---- | M] () -- C:\APR2007_d3dx10_33_x64.cab
[2009/03/16 20:36:32 | 000,695,857 | ---- | M] () -- C:\APR2007_d3dx10_33_x86.cab
[2009/03/16 20:36:38 | 001,607,358 | ---- | M] () -- C:\APR2007_d3dx9_33_x64.cab
[2009/03/16 20:36:38 | 001,606,039 | ---- | M] () -- C:\APR2007_d3dx9_33_x86.cab
[2009/03/16 20:36:26 | 000,195,758 | ---- | M] () -- C:\APR2007_XACT_x64.cab
[2009/03/16 20:36:26 | 000,151,225 | ---- | M] () -- C:\APR2007_XACT_x86.cab
[2009/03/16 20:36:20 | 000,096,817 | ---- | M] () -- C:\APR2007_xinput_x64.cab
[2009/03/16 20:36:14 | 000,053,302 | ---- | M] () -- C:\APR2007_xinput_x86.cab
[2009/03/16 20:36:42 | 001,350,534 | ---- | M] () -- C:\Aug2005_d3dx9_27_x64.cab
[2009/03/16 20:36:42 | 001,077,644 | ---- | M] () -- C:\Aug2005_d3dx9_27_x86.cab
[2009/03/16 20:36:26 | 000,182,895 | ---- | M] () -- C:\AUG2006_XACT_x64.cab
[2009/03/16 20:36:22 | 000,137,227 | ---- | M] () -- C:\AUG2006_XACT_x86.cab
[2009/03/16 20:36:16 | 000,087,134 | ---- | M] () -- C:\AUG2006_xinput_x64.cab
[2009/03/16 20:36:12 | 000,046,050 | ---- | M] () -- C:\AUG2006_xinput_x86.cab
[2009/03/16 20:36:36 | 000,852,278 | ---- | M] () -- C:\AUG2007_d3dx10_35_x64.cab
[2009/03/16 20:36:34 | 000,796,859 | ---- | M] () -- C:\AUG2007_d3dx10_35_x86.cab
[2009/03/16 20:36:48 | 001,800,152 | ---- | M] () -- C:\AUG2007_d3dx9_35_x64.cab
[2009/03/16 20:36:38 | 001,708,144 | ---- | M] () -- C:\AUG2007_d3dx9_35_x86.cab
[2009/03/16 20:36:28 | 000,198,088 | ---- | M] () -- C:\AUG2007_XACT_x64.cab
[2009/03/16 20:36:24 | 000,153,004 | ---- | M] () -- C:\AUG2007_XACT_x86.cab
[2009/03/16 20:36:38 | 000,867,604 | ---- | M] () -- C:\Aug2008_d3dx10_39_x64.cab
[2009/03/16 20:36:36 | 000,849,159 | ---- | M] () -- C:\Aug2008_d3dx10_39_x86.cab
[2009/03/16 20:36:48 | 001,794,076 | ---- | M] () -- C:\Aug2008_d3dx9_39_x64.cab
[2009/03/16 20:36:38 | 001,464,664 | ---- | M] () -- C:\Aug2008_d3dx9_39_x86.cab
[2009/03/16 20:36:20 | 000,121,824 | ---- | M] () -- C:\Aug2008_XACT_x64.cab
[2009/03/16 20:36:20 | 000,093,004 | ---- | M] () -- C:\Aug2008_XACT_x86.cab
[2009/03/16 20:36:32 | 000,271,360 | ---- | M] () -- C:\Aug2008_XAudio_x64.cab
[2009/03/16 20:36:32 | 000,269,842 | ---- | M] () -- C:\Aug2008_XAudio_x86.cab
[2009/08/03 01:33:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/16 20:36:44 | 001,155,483 | ---- | M] () -- C:\BDANT.cab
[2009/03/16 20:36:38 | 000,975,148 | ---- | M] () -- C:\BDAXP.cab
[2009/08/04 03:19:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/03 01:33:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/16 20:36:38 | 001,357,976 | ---- | M] () -- C:\Dec2005_d3dx9_28_x64.cab
[2009/03/16 20:36:42 | 001,079,456 | ---- | M] () -- C:\Dec2005_d3dx9_28_x86.cab
[2009/03/16 20:36:30 | 000,212,799 | ---- | M] () -- C:\DEC2006_d3dx10_00_x64.cab
[2009/03/16 20:36:30 | 000,191,720 | ---- | M] () -- C:\DEC2006_d3dx10_00_x86.cab
[2009/03/16 20:36:38 | 001,571,154 | ---- | M] () -- C:\DEC2006_d3dx9_32_x64.cab
[2009/03/16 20:36:38 | 001,574,376 | ---- | M] () -- C:\DEC2006_d3dx9_32_x86.cab
[2009/03/16 20:36:26 | 000,192,475 | ---- | M] () -- C:\DEC2006_XACT_x64.cab
[2009/03/16 20:36:22 | 000,145,591 | ---- | M] () -- C:\DEC2006_XACT_x86.cab
[2008/12/26 02:50:08 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\devcon.exe
[2009/02/01 15:09:25 | 000,323,167 | ---- | M] () -- C:\DPsFnshr.exe
[2009/04/20 19:32:46 | 000,000,630 | ---- | M] () -- C:\DPsFnshr.ini
[2008/12/28 19:46:35 | 000,000,776 | ---- | M] () -- C:\DriverPack_LAN_wnt5_x86-32.ini
[2009/01/07 22:44:38 | 000,112,242 | ---- | M] () -- C:\DriverPack_MassStorage_wnt5_x86-32.ini
[2009/03/16 20:35:34 | 000,094,024 | ---- | M] (Microsoft Corporation) -- C:\DSETUP.dll
[2009/03/16 20:36:16 | 001,691,464 | ---- | M] (Microsoft Corporation) -- C:\dsetup32.dll
[2009/02/01 15:09:29 | 000,279,577 | ---- | M] () -- C:\DSPdsblr.exe
[2009/03/16 20:36:12 | 000,044,444 | ---- | M] () -- C:\dxdllreg_x86.cab
[2009/03/16 20:36:48 | 013,264,160 | ---- | M] () -- C:\dxnt.cab
[2009/03/16 20:35:46 | 000,525,128 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe
[2009/03/16 20:36:18 | 000,095,296 | ---- | M] () -- C:\dxupdate.cab
[2009/03/16 20:36:38 | 001,247,499 | ---- | M] () -- C:\Feb2005_d3dx9_24_x64.cab
[2009/03/16 20:36:42 | 001,013,217 | ---- | M] () -- C:\Feb2005_d3dx9_24_x86.cab
[2009/03/16 20:36:38 | 001,362,788 | ---- | M] () -- C:\Feb2006_d3dx9_29_x64.cab
[2009/03/16 20:36:44 | 001,084,712 | ---- | M] () -- C:\Feb2006_d3dx9_29_x86.cab
[2009/03/16 20:36:28 | 000,178,351 | ---- | M] () -- C:\Feb2006_XACT_x64.cab
[2009/03/16 20:36:20 | 000,132,409 | ---- | M] () -- C:\Feb2006_XACT_x86.cab
[2009/03/16 20:36:26 | 000,194,675 | ---- | M] () -- C:\FEB2007_XACT_x64.cab
[2009/03/16 20:36:24 | 000,147,975 | ---- | M] () -- C:\FEB2007_XACT_x86.cab
[2009/08/03 01:33:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/16 20:36:38 | 001,335,994 | ---- | M] () -- C:\Jun2005_d3dx9_26_x64.cab
[2009/03/16 20:36:42 | 001,064,917 | ---- | M] () -- C:\Jun2005_d3dx9_26_x86.cab
[2009/03/16 20:36:28 | 000,180,777 | ---- | M] () -- C:\JUN2006_XACT_x64.cab
[2009/03/16 20:36:20 | 000,133,663 | ---- | M] () -- C:\JUN2006_XACT_x86.cab
[2009/03/16 20:36:32 | 000,699,036 | ---- | M] () -- C:\JUN2007_d3dx10_34_x64.cab
[2009/03/16 20:36:34 | 000,698,472 | ---- | M] () -- C:\JUN2007_d3dx10_34_x86.cab
[2009/03/16 20:36:40 | 001,607,766 | ---- | M] () -- C:\JUN2007_d3dx9_34_x64.cab
[2009/03/16 20:36:40 | 001,607,286 | ---- | M] () -- C:\JUN2007_d3dx9_34_x86.cab
[2009/03/16 20:36:28 | 000,197,122 | ---- | M] () -- C:\JUN2007_XACT_x64.cab
[2009/03/16 20:36:24 | 000,152,909 | ---- | M] () -- C:\JUN2007_XACT_x86.cab
[2009/03/16 20:36:38 | 000,867,828 | ---- | M] () -- C:\JUN2008_d3dx10_38_x64.cab
[2009/03/16 20:36:36 | 000,849,919 | ---- | M] () -- C:\JUN2008_d3dx10_38_x86.cab
[2009/03/16 20:36:46 | 001,792,600 | ---- | M] () -- C:\JUN2008_d3dx9_38_x64.cab
[2009/03/16 20:36:38 | 001,463,878 | ---- | M] () -- C:\JUN2008_d3dx9_38_x86.cab
[2009/03/16 20:36:14 | 000,055,154 | ---- | M] () -- C:\JUN2008_X3DAudio_x64.cab
[2009/03/16 20:36:12 | 000,021,897 | ---- | M] () -- C:\JUN2008_X3DAudio_x86.cab
[2009/03/16 20:36:20 | 000,121,046 | ---- | M] () -- C:\JUN2008_XACT_x64.cab
[2009/03/16 20:36:20 | 000,093,120 | ---- | M] () -- C:\JUN2008_XACT_x86.cab
[2009/03/16 20:36:32 | 000,269,620 | ---- | M] () -- C:\JUN2008_XAudio_x64.cab
[2009/03/16 20:36:32 | 000,269,016 | ---- | M] () -- C:\JUN2008_XAudio_x86.cab
[2008/12/26 02:50:08 | 000,020,992 | ---- | M] () -- C:\makePNF.exe
[2009/03/16 20:36:34 | 000,844,884 | ---- | M] () -- C:\Mar2008_d3dx10_37_x64.cab
[2009/03/16 20:36:34 | 000,818,252 | ---- | M] () -- C:\Mar2008_d3dx10_37_x86.cab
[2009/03/16 20:36:46 | 001,769,854 | ---- | M] () -- C:\Mar2008_d3dx9_37_x64.cab
[2009/03/16 20:36:38 | 001,443,282 | ---- | M] () -- C:\Mar2008_d3dx9_37_x86.cab
[2009/03/16 20:36:14 | 000,055,058 | ---- | M] () -- C:\Mar2008_X3DAudio_x64.cab
[2009/03/16 20:36:12 | 000,021,867 | ---- | M] () -- C:\Mar2008_X3DAudio_x86.cab
[2009/03/16 20:36:20 | 000,122,328 | ---- | M] () -- C:\Mar2008_XACT_x64.cab
[2009/03/16 20:36:20 | 000,093,726 | ---- | M] () -- C:\Mar2008_XACT_x86.cab
[2009/03/16 20:36:30 | 000,251,194 | ---- | M] () -- C:\Mar2008_XAudio_x64.cab
[2009/03/16 20:36:30 | 000,226,242 | ---- | M] () -- C:\Mar2008_XAudio_x86.cab
[2009/03/16 20:36:42 | 001,067,160 | ---- | M] () -- C:\Mar2009_d3dx10_41_x64.cab
[2009/03/16 20:36:42 | 001,040,745 | ---- | M] () -- C:\Mar2009_d3dx10_41_x86.cab
[2009/03/16 20:36:48 | 001,973,694 | ---- | M] () -- C:\Mar2009_d3dx9_41_x64.cab
[2009/03/16 20:36:38 | 001,612,446 | ---- | M] () -- C:\Mar2009_d3dx9_41_x86.cab
[2009/03/16 20:36:12 | 000,054,592 | ---- | M] () -- C:\Mar2009_X3DAudio_x64.cab
[2009/03/16 20:36:10 | 000,021,298 | ---- | M] () -- C:\Mar2009_X3DAudio_x86.cab
[2009/03/16 20:36:20 | 000,121,498 | ---- | M] () -- C:\Mar2009_XACT_x64.cab
[2009/03/16 20:36:16 | 000,092,732 | ---- | M] () -- C:\Mar2009_XACT_x86.cab
[2009/03/16 20:36:30 | 000,275,036 | ---- | M] () -- C:\Mar2009_XAudio_x64.cab
[2009/03/16 20:36:30 | 000,273,010 | ---- | M] () -- C:\Mar2009_XAudio_x86.cab
[2009/08/03 01:33:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/26 02:50:08 | 000,137,728 | ---- | M] () -- C:\mute.exe
[2009/03/16 20:36:36 | 000,864,592 | ---- | M] () -- C:\Nov2007_d3dx10_36_x64.cab
[2009/03/16 20:36:34 | 000,803,884 | ---- | M] () -- C:\Nov2007_d3dx10_36_x86.cab
[2009/03/16 20:36:46 | 001,802,050 | ---- | M] () -- C:\Nov2007_d3dx9_36_x64.cab
[2009/03/16 20:36:44 | 001,709,352 | ---- | M] () -- C:\Nov2007_d3dx9_36_x86.cab
[2009/03/16 20:36:12 | 000,046,144 | ---- | M] () -- C:\NOV2007_X3DAudio_x64.cab
[2009/03/16 20:36:12 | 000,018,488 | ---- | M] () -- C:\NOV2007_X3DAudio_x86.cab
[2009/03/16 20:36:28 | 000,196,754 | ---- | M] () -- C:\NOV2007_XACT_x64.cab
[2009/03/16 20:36:22 | 000,148,264 | ---- | M] () -- C:\NOV2007_XACT_x86.cab
[2009/03/16 20:36:42 | 000,994,146 | ---- | M] () -- C:\Nov2008_d3dx10_40_x64.cab
[2009/03/16 20:36:38 | 000,965,413 | ---- | M] () -- C:\Nov2008_d3dx10_40_x86.cab
[2009/03/16 20:36:48 | 001,906,870 | ---- | M] () -- C:\Nov2008_d3dx9_40_x64.cab
[2009/03/16 20:36:38 | 001,550,796 | ---- | M] () -- C:\Nov2008_d3dx9_40_x86.cab
[2009/03/16 20:36:12 | 000,055,110 | ---- | M] () -- C:\Nov2008_X3DAudio_x64.cab
[2009/03/16 20:36:12 | 000,021,836 | ---- | M] () -- C:\Nov2008_X3DAudio_x86.cab
[2009/03/16 20:36:20 | 000,121,746 | ---- | M] () -- C:\Nov2008_XACT_x64.cab
[2009/03/16 20:36:18 | 000,092,688 | ---- | M] () -- C:\Nov2008_XACT_x86.cab
[2009/03/16 20:36:34 | 000,273,990 | ---- | M] () -- C:\Nov2008_XAudio_x64.cab
[2009/03/16 20:36:32 | 000,273,203 | ---- | M] () -- C:\Nov2008_XAudio_x86.cab
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/03/16 20:36:16 | 000,086,029 | ---- | M] () -- C:\Oct2005_xinput_x64.cab
[2009/03/16 20:36:12 | 000,045,359 | ---- | M] () -- C:\Oct2005_xinput_x86.cab
[2009/03/16 20:36:38 | 001,412,894 | ---- | M] () -- C:\OCT2006_d3dx9_31_x64.cab
[2009/03/16 20:36:42 | 001,127,209 | ---- | M] () -- C:\OCT2006_d3dx9_31_x86.cab
[2009/03/16 20:36:28 | 000,182,361 | ---- | M] () -- C:\OCT2006_XACT_x64.cab
[2009/03/16 20:36:22 | 000,138,017 | ---- | M] () -- C:\OCT2006_XACT_x86.cab
[2010/05/21 20:15:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/02/01 15:09:33 | 000,269,947 | ---- | M] () -- C:\pmtimer.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/03/29 05:05:46 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/02 20:19:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/02 20:19:46 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/02 20:19:46 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/08 10:17:24 | 000,033,920 | ---- | M] () -- C:\WINDOWS\system32\drivers\fsbts.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 12:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/01/22 23:49:45 | 000,138,504 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/01/01 08:58:29 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 12:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >
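The OTL custom-scan output above is a flat list of `[timestamp | size | attributes | C/M] (company) -- path` lines, which is tedious to read by eye. Below is an added example of how a responder would parse that format and pull out the entries worth a second look: drivers with no CompanyName version resource (as with fsbts.sys and PnkBstrK.sys above), hidden+system files that are not one of the XP boot files, and the "Unable to obtain MD5" marker that means the scanner could not read the file. This is not code from the original post or from OTL; the `EXPECTED_HIDDEN_SYSTEM` set is an assumption about what XP normally keeps hidden in the root of the system drive, and the last sample line (`example_hidden.dll`) is constructed so that the hidden+system check has something to flag.

```python
"""Triage helper for OTL file listings (added example; not part of the original thread or of OTL)."""
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL listing line: [date time | size | RHSD flags | C|M] (company) [Unable to obtain MD5] -- path
OTL_LINE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([RHS-]{3}[D-]) \| ([CM])\]"
    r"(?: \(([^()]*)\))?( Unable to obtain MD5)? -- (.+)$"
)


@dataclass(frozen=True)
class Entry:
    stamp: datetime
    size: int
    attrs: str        # R/H/S/D flags as OTL prints them, '-' where unset
    company: str      # version-resource CompanyName OTL read; '' when the file has none
    md5_failed: bool  # True when OTL printed "Unable to obtain MD5"
    path: str

    @property
    def hidden_system(self):
        # A file (not a directory) carrying both the hidden and system attributes.
        return "H" in self.attrs and "S" in self.attrs and "D" not in self.attrs


def parse_otl(text):
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue  # section headers, "< ... >" scan specs, blank lines
        stamp, size, attrs, _created_or_modified, company, md5_marker, path = m.groups()
        entries.append(Entry(datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
                             int(size.replace(",", "")), attrs, company or "",
                             md5_marker is not None, path))
    return entries


# Assumption: files Windows XP itself keeps hidden+system in the root of the system drive.
EXPECTED_HIDDEN_SYSTEM = {"boot.ini", "io.sys", "msdos.sys", "ntdetect.com",
                          "ntldr", "pagefile.sys", "hiberfil.sys"}


def triage(entries):
    """Return (reason, entry) pairs for lines a responder should look at first."""
    findings = []
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1].lower()
        if "\\system32\\drivers\\" in e.path.lower() and not e.company:
            findings.append(("driver with no CompanyName resource", e))
        if e.hidden_system and name not in EXPECTED_HIDDEN_SYSTEM:
            findings.append(("hidden+system file outside the expected set", e))
        if e.md5_failed:
            findings.append(("hash unreadable: file locked or access denied", e))
    return findings


# Sample input: lines copied from the OTL report in this thread, plus one constructed
# hidden+system entry (example_hidden.dll) that exists only to exercise the check.
SAMPLE = r"""
[2010/05/08 10:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/08/04 03:19:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/03/29 05:05:46 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2010/05/08 10:17:24 | 000,033,920 | ---- | M] () -- C:\WINDOWS\system32\drivers\fsbts.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/01/22 23:49:45 | 000,138,504 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/05/20 03:12:00 | 000,045,056 | -HS- | M] () -- C:\WINDOWS\system32\example_hidden.dll
"""

if __name__ == "__main__":
    for reason, e in triage(parse_otl(SAMPLE)):
        print(f"{reason}: {e.path} ({e.stamp:%Y-%m-%d}, {e.size} bytes, company={e.company!r})")
```

An empty company string is a prompt to correlate, not a verdict: fsbts.sys was modified at 10:17 on 2010/05/08, minutes after the F-Secure folders in the LOP check were created, so checking whether it belongs to that product is the obvious first step before treating it as suspicious.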

#3 joe joe (Topic Starter, New Member, 4 posts)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4124

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/05/2010 17:48:37
mbam-log-2010-05-21 (17-48-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 167503
Time elapsed: 50 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 joe joe (Topic Starter, New Member, 4 posts)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-21 20:09:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgrcypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcess [0xBA19AC26]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcessEx [0xBA19AC40]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateThread [0xBA199DE4]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwLoadDriver [0xBA19A10C]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwMapViewOfSection [0xBA199B30]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwOpenSection [0xBA19A53E]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwRenameKey [0xBA19B7DC]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSetSystemInformation [0xBA19A38E]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendProcess [0xBA1999B6]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendThread [0xBA199E18]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSystemDebugControl [0xBA199F92]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateProcess [0xBA199916]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateThread [0xBA199A6C]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwWriteVirtualMemory [0xBA199EDC]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [B6, 99, 19, BA, 18, 9E, 19, ...]
PAGE ntkrnlpa.exe!IoCreateDevice 805758EE 3 Bytes JMP B9E2DFC6 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGE ntkrnlpa.exe!IoCreateDevice + 4 805758F2 1 Byte [39]
PAGENPNP NDIS.SYS!NdisRegisterProtocol B9DFE17F 5 Bytes JMP B9E2DDD8 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisOpenAdapter B9DFE399 5 Bytes JMP B9E2E360 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisCloseAdapter B9E0867A 5 Bytes JMP B9E2DEE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisDeregisterProtocol B9E08859 5 Bytes JMP B9E2E17C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisReturnPackets B9E0B810 5 Bytes JMP B9E2EBD8 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisRequest B9E0B97B 5 Bytes JMP B9E2E578 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSend B9E0E986 5 Bytes JMP B9E2F558 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSendPackets B9E0E9A3 5 Bytes JMP B9E2F62A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisTransferData B9E0E9BE 5 Bytes JMP B9E2ECD6 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoCreateVc B9E1522C 5 Bytes JMP B9E2DE42 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoDeleteVc B9E165FD 5 Bytes JMP B9E2DEB0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoSendPackets B9E16BD6 5 Bytes JMP B9E2F342 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB796F000, 0x1894F8, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[768] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- EOF - GMER 1.0.15 ----
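Every hook in the GMER report above resolves to a named owner: the SSDT entries and the ZwCallbackReturn patch come from the F-Secure HIPS driver, the NDIS and IoCreateDevice patches from the F-Secure Internet Shield driver, the TCP/IP device attachments from AVG, and the LdrLoadDll hook from firefox.exe itself. Reading that by eye is fine for one report, but the useful question is always the same: which hooks belong to something other than the products you know are installed? The following added example (not code from the original post or from GMER) parses the SSDT, inline-JMP and Device/AttachedDevice line shapes into one record type, counts hooks per owning file, and lists anything whose vendor text matches none of the trusted-product fragments the caller passes in, or whose code sits under a Temp or user-profile path. The trusted fragments `("F-Secure", "AVG", "Mozilla")` are an assumption for this box, and the last sample line (`example_hook.sys`) is constructed so the check has something to report. Note that the `Running: gmer.exe; Driver: ...\Temp\fgrcypog.sys` header line is GMER's own scanning driver, not a hook, and the parser does not treat it as one.

```python
"""Triage helper for GMER rootkit-scan output (added example; not part of the original thread or of GMER)."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Hook:
    kind: str     # "SSDT", "inline" (JMP patch) or "device" (driver attached to a device object)
    target: str   # hooked Zw* service, patched symbol, or device object name
    module: str   # file GMER attributes the hook code to
    vendor: str   # description/company GMER prints in parentheses; '' when it prints none


# SSDT <path> (<vendor>) Zw<Name> [0x<addr>]   (the path may contain spaces)
SSDT_RE = re.compile(r"^SSDT\s+(.+?)(?:\s+\(([^()]*)\))?\s+(Zw\w+)\s+\[0x[0-9A-Fa-f]+\]\s*$")
# Device|AttachedDevice \Driver\X \Device\Y <module> (<vendor>)
DEVICE_RE = re.compile(r"^(?:Attached)?Device\s+\\Driver\\\S+\s+(\\Device\\\S+)\s+(.+?)(?:\s+\(([^()]*)\))?\s*$")
# <module>!<Symbol> [+ off] <addr> <n> Bytes JMP <addr> <owner> (<vendor>)   -- kernel and user sections alike
INLINE_RE = re.compile(r"(\S+![A-Za-z_]\w*)(?:\s*\+\s*\w+)?\s+[0-9A-Fa-f]+\s+\d+\s+Bytes?\s+JMP\s+[0-9A-Fa-f]+\s+(.+?)(?:\s+\(([^()]*)\))?\s*$")


def parse_gmer(text):
    """Extract every hook GMER could attribute to an owning file.
    Patched-bytes entries without a JMP target (no owner to attribute) are skipped."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append(Hook("SSDT", m.group(3), m.group(1), m.group(2) or ""))
            continue
        m = DEVICE_RE.match(line)
        if m:
            hooks.append(Hook("device", m.group(1), m.group(2), m.group(3) or ""))
            continue
        if "JMP" in line:
            m = INLINE_RE.search(line)
            if m:
                hooks.append(Hook("inline", m.group(1), m.group(2), m.group(3) or ""))
    return hooks


def hooks_by_owner(hooks):
    """Hook count per owning file name; on a clean box only installed security products show up."""
    return Counter(h.module.rsplit("\\", 1)[-1].lower() for h in hooks)


def unexplained(hooks, trusted_fragments):
    """Hooks whose vendor text names none of the trusted products, plus anything
    whose code lives under a Temp or user-profile directory."""
    out = []
    for h in hooks:
        known = any(frag.lower() in h.vendor.lower() for frag in trusted_fragments)
        low = h.module.lower()
        in_user_area = "\\temp\\" in low or "\\documents and settings\\" in low
        if not known or in_user_area:
            out.append(h)
    return out


# Sample input: lines copied from the GMER report in this thread, plus one constructed
# SSDT entry (example_hook.sys, no vendor, under Temp) that exists only to exercise the check.
SAMPLE = r"""
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcess [0xBA19AC26]
SSDT \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwWriteVirtualMemory [0xBA199EDC]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [B6, 99, 19, BA, 18, 9E, 19, ...]
PAGE ntkrnlpa.exe!IoCreateDevice 805758EE 3 Bytes JMP B9E2DFC6 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[768] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
SSDT \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\example_hook.sys ZwQueryDirectoryFile [0xB9A10000]
"""

if __name__ == "__main__":
    found = parse_gmer(SAMPLE)
    print(hooks_by_owner(found))
    for h in unexplained(found, ("F-Secure", "AVG", "Mozilla")):
        print(f"UNEXPLAINED {h.kind}: {h.target} <- {h.module} vendor={h.vendor!r}")
```

SSDT hooks from a HIPS driver and NDIS hooks from a firewall driver are exactly what those products do, so a long hook list is not itself a finding; what matters is an owner GMER cannot name, or one whose vendor string does not match a product you installed, and that is the set this helper isolates.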