
Infected with Rootkit and Bootloader Possible x64 TDL#

#1 catzlpn (New Member, 1 posts)

I have 12 computers that are completely controlled remotely by malware; Internet, all program files, everything is out of my control. I have reformatted all hard drives and reinstalled numerous OSes on all computers to no avail. My BIOSes are hacked or "shadowed", as I saw a few months ago on some logs I pulled up from Hiren's Boot CD files. My external hard drives are also infected, as well as many USB drives. I am seeing an autorun.inf on all of them. It appears I am actually on a Linux Red Hat virtual drive. I have bought new routers and a new cable modem, and had Comcast change out my cable box, to no avail. I bought two new computers that became infected as well. I have tried using GMER, Malwarebytes, Hitman Pro, Prevx, ComboFix and TDSSKiller without any success getting rid of this demon! I have numerous different saved logs from all of the above if they would be of any help. There is no doubt that I have been hooked; I have been fighting this demon since July! Nothing works; I have tried it all. I really appreciate your time and consideration!

OTL logfile created on: 11/22/2010 10:57:21 AM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Windows\untitled folder

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596.17 Gb Total Space | 567.86 Gb Free Space | 95.25% Space Free | Partition Type: NTFS



Computer Name: ASUSAMD-240-PC | User Name: Asus AMD-240 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - C:\Windows\untitled folder\OTL(2).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()

PRC - C:\Windows\untitled folder\Acronis True Image Home 2011 14.0.0 Build 3055\Acronis True Image Home 2011 14.0.0 Build 3055\Acronis True Image Home 2011 14.0.0 Build 3055\Acronis True Image Home 2011 14.0.0 Build 3055\setup_install.exe (Acronis)

PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)

PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)

PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

PRC - C:\Program Files\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\GPU NOS\Gpu.exe (ASUSTeK Computer Inc.)

PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)

PRC - C:\Program Files (x86)\Acer\Registration\GREG.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)

PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)





========== Modules (SafeList) ==========



MOD - C:\Windows\untitled folder\OTL(2).exe (OldTimer Tools)

MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)

MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)





========== Win32 Services (SafeList) ==========



SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)

SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)

SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)

SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)

SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)

SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)





========== Driver Services (SafeList) ==========



DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)

DRV:64bit: - (tdrpman270) Acronis Try&Decide and Restore Points filter (build 270) -- C:\Windows\SysNative\drivers\tdrpm270.sys (Acronis)

DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)

DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)

DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)

DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (e1yexpress) Intel® -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)

DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)

DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)

DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Windows ® Codename Longhorn DDK provider)

DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows ® Codename Longhorn DDK provider)

DRV - (AODDriver) -- C:\Program Files (x86)\ASUS\GPU NOS\amd64\aoddriver.sys (Advanced Micro Devices)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...hxe773egeic5367

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...hxe773egeic5367

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...hxe773egeic5367

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...hxe773egeic5367



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...hxe773egeic5367

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...hxe773egeic5367

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/11/22 09:53:32 | 000,000,000 | ---D | M]





O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho64.dll ()

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100802233257.dll (McAfee, Inc.)

O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20100802233257.dll (McAfee, Inc.)

O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\RunOnce: [*___MsiRebootRequired___] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{22e428e5-f65f-11df-bd66-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{22e428e5-f65f-11df-bd66-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\assetup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2010/11/22 12:43:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2010/11/22 12:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2010/11/22 12:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2010/11/22 12:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2010/11/22 12:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2010/11/22 12:40:03 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/11/22 12:37:14 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2010/11/22 10:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis

[2010/11/22 10:56:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis

[2010/11/22 10:56:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/11/22 10:55:14 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Roaming\Acronis

[2010/11/22 10:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis

[2010/11/22 10:27:28 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\Desktop\New folder

[2010/11/22 10:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS GPU Profile

[2010/11/22 10:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles

[2010/11/22 10:24:49 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Roaming\ATI

[2010/11/22 10:24:49 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Local\ATI

[2010/11/22 10:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2010/11/22 10:19:27 | 000,043,008 | R--- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys

[2010/11/22 10:19:23 | 000,024,064 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys

[2010/11/22 10:19:18 | 000,026,624 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtNdPt60.sys

[2010/11/22 10:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS

[2010/11/22 10:18:16 | 000,000,000 | -H-D | C] -- C:\temp

[2010/11/22 10:18:16 | 000,000,000 | -H-D | C] -- C:\dvmexp

[2010/11/22 10:17:45 | 000,000,000 | -H-D | C] -- C:\ASUS.000

[2010/11/22 10:17:18 | 000,000,000 | -H-D | C] -- C:\ASUS.SYS

[2010/11/22 10:16:51 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Local\Downloaded Installations

[2010/11/22 10:14:02 | 000,239,616 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys

[2010/11/22 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies

[2010/11/22 10:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS

[2010/11/22 10:10:35 | 000,242,176 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll

[2010/11/22 10:10:35 | 000,193,024 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll

[2010/11/22 10:10:35 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll

[2010/11/22 10:10:35 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll

[2010/11/22 10:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA

[2010/11/22 09:58:07 | 000,000,000 | -H-D | C] -- C:\MyWinLockerData

[2010/11/22 09:57:59 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Roaming\Macromedia

[2010/11/22 09:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp

[2010/11/22 09:55:18 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Roaming\OEM

[2010/11/22 09:55:16 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Local\EgisTec IPS

[2010/11/22 09:55:16 | 000,000,000 | ---D | C] -- C:\book

[2010/11/22 09:55:03 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Searches

[2010/11/22 09:55:03 | 000,000,000 | -H-D | C] -- C:\Users\Asus AMD-240\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2010/11/22 09:54:54 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Roaming\Identities

[2010/11/22 09:54:51 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Contacts

[2010/11/22 09:54:49 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Local\VirtualStore

[2010/11/22 09:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D

[2010/11/22 09:53:01 | 000,000,000 | --SD | C] -- C:\Users\Asus AMD-240\AppData\Roaming\Microsoft

[2010/11/22 09:53:01 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Videos

[2010/11/22 09:53:01 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Saved Games

[2010/11/22 09:53:01 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Pictures

[2010/11/22 09:53:01 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Music

[2010/11/22 09:53:01 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Links

[2010/11/22 09:53:01 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Favorites

[2010/11/22 09:53:01 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Downloads

[2010/11/22 09:53:01 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\My Documents

[2010/11/22 09:53:01 | 000,000,000 | R--D | C] -- C:\Users\Asus AMD-240\Desktop

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\AppData\Local\Temporary Internet Files

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\Templates

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\Start Menu

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\SendTo

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\Recent

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\NetHood

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\Documents\My Videos

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\Documents\My Pictures

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\Documents\My Music

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\My Documents

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\Local Settings

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\AppData\Local\History

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\Cookies

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\Application Data

[2010/11/22 09:53:01 | 000,000,000 | -HSD | C] -- C:\Users\Asus AMD-240\AppData\Local\Application Data

[2010/11/22 09:53:01 | 000,000,000 | -H-D | C] -- C:\Users\Asus AMD-240\AppData

[2010/11/22 09:53:01 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Local\Temp

[2010/11/22 09:53:01 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Local\Microsoft

[2010/11/22 09:53:01 | 000,000,000 | ---D | C] -- C:\Users\Asus AMD-240\AppData\Roaming\Media Center Programs

[2010/11/22 09:52:52 | 000,000,000 | -HSD | C] -- C:\Recovery

[2010/11/22 09:52:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos

[2010/11/22 09:52:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures

[2010/11/22 09:52:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music

[2010/11/22 06:00:28 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log

[2010/11/21 22:32:07 | 000,000,000 | ---D | C] -- C:\Windows\untitled folder



========== Files - Modified Within 30 Days ==========



[2010/11/22 12:52:39 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2010/11/22 12:52:39 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2010/11/22 12:45:13 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd

[2010/11/22 10:58:40 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/22 10:58:40 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/22 10:58:40 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/22 10:56:54 | 000,001,377 | ---- | M] () -- C:\Users\Public\Desktop\Acronis Online Backup.lnk

[2010/11/22 10:56:54 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk

[2010/11/22 10:51:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/22 10:51:56 | 2213,945,344 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/22 10:28:42 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/22 10:28:42 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/22 10:28:41 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2010/11/22 10:24:04 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

[2010/11/22 10:20:56 | 000,043,380 | ---- | M] () -- C:\Windows\Ascd_log.ini

[2010/11/22 10:19:52 | 000,000,664 | ---- | M] () -- C:\Windows\setup.iss

[2010/11/22 10:17:49 | 000,000,068 | -H-- | M] () -- C:\splash.idx

[2010/11/22 10:14:57 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini

[2010/11/22 10:10:54 | 000,001,092 | ---- | M] () -- C:\HD VDeck.lnk

[2010/11/22 10:08:52 | 000,031,453 | ---- | M] () -- C:\Windows\Ascd_tmp.ini

[2010/11/22 09:53:43 | 000,002,086 | ---- | M] () -- C:\Netflix.lnk

[2010/11/22 06:00:28 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag



========== Files Created - No Company Name ==========



[2010/11/22 12:45:13 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd

[2010/11/22 12:37:14 | 2213,945,344 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/22 10:56:54 | 000,001,377 | ---- | C] () -- C:\Users\Public\Desktop\Acronis Online Backup.lnk

[2010/11/22 10:56:54 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk

[2010/11/22 10:28:41 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx

[2010/11/22 10:24:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/11/22 10:14:13 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2010/11/22 10:12:29 | 000,018,618 | ---- | C] () -- C:\Windows\atiogl.xml

[2010/11/22 10:11:17 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2010/11/22 10:11:17 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2010/11/22 10:11:14 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2010/11/22 10:11:14 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2010/11/22 10:11:02 | 000,000,664 | ---- | C] () -- C:\Windows\setup.iss

[2010/11/22 10:10:54 | 000,001,092 | ---- | C] () -- C:\HD VDeck.lnk

[2010/11/22 10:08:57 | 000,043,380 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2010/11/22 10:08:46 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2010/11/22 10:08:45 | 000,031,453 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2010/11/22 09:57:26 | 000,000,598 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe4.log

[2010/11/22 09:53:43 | 000,002,086 | ---- | C] () -- C:\Netflix.lnk

[2010/11/22 09:53:01 | 000,000,290 | ---- | C] () -- C:\Users\Asus AMD-240\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2010/11/22 09:53:01 | 000,000,272 | ---- | C] () -- C:\Users\Asus AMD-240\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2010/11/22 06:01:28 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/07/05 21:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll



========== LOP Check ==========



[2010/11/22 10:55:14 | 000,000,000 | ---D | M] -- C:\Users\Asus AMD-240\AppData\Roaming\Acronis

[2010/11/22 09:55:18 | 000,000,000 | ---D | M] -- C:\Users\Asus AMD-240\AppData\Roaming\OEM

[2009/07/14 00:08:49 | 000,004,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT



========== Purity Check ==========







< End of report >