Trojan:DOS/Alureon.E detected after a format/clean install of win7

#1 jonarni
New Member, 9 posts
A few days ago my system was attacked by the "System Fix" ransomware. I followed some online guides to regain control of the PC. Since then I have still had some issues, including random redirects. So today I backed up my files and did a clean install of Windows 7 (64 bit).

After formatting I installed Microsoft Security Essentials, which immediately found 1 threat: Trojan:DOS/Alureon.E
MSE offers, but fails, to remove the threat.

Any help getting rid of this infection would be greatly appreciated. I have the Win7 and driver install DVDs handy, so don't worry about saving any files or setups. Below are the OTL.txt and Extras.txt contents.

OTL.txt:

OTL logfile created on: 19-12-2011 18:44:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

7,98 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,59% Memory free
15,95 Gb Paging File | 14,25 Gb Available in Paging File | 89,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 907,21 Gb Free Space | 97,40% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,36 Mb Free Space | 70,36% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 580,39 Gb Free Space | 41,54% Space Free | Partition Type: NTFS

Computer Name: PERLEN | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-19 18:42:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
PRC - [2011-11-21 05:19:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011-02-15 12:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2010-04-27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009-10-26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009-10-26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-21 05:19:36 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011-02-15 12:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011-02-15 12:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011-02-15 12:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011-02-15 12:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011-02-15 12:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011-02-15 12:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2010-07-27 05:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2009-06-27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-11-25 15:00:10 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-04-27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011-04-27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010-10-27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2009-10-26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-11-25 16:06:28 | 010,497,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-11-25 14:23:04 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-06-06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-04-27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010-10-27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010-10-27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010-10-27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010-10-27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010-10-27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010-10-27 15:50:28 | 000,055,336 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010-10-27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010-10-27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010-10-26 04:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-10-19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010-09-30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-09-30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010-08-27 18:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010-05-27 01:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-12-19 17:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-12-19 17:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions
[2011-12-19 17:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-11-21 05:19:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-11-21 02:56:15 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2011-11-21 02:08:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-11-21 02:56:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB7D8D79-1BFA-4F71-BA1A-C918566A176F}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-21 03:43:28 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002-10-17 03:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-12-20 02:04:16 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011-12-20 02:04:03 | 000,000,000 | -HSD | C] -- C:\Boot
[2011-12-19 18:42:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
[2011-12-19 18:07:29 | 000,000,000 | R--D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2011-12-19 17:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011-12-19 17:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011-12-19 17:43:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DeviceVM
[2011-12-19 17:43:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Atheros
[2011-12-19 17:43:26 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\BMExplorer
[2011-12-19 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Jon\Documents\Bluetooth Folder
[2011-12-19 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2011-12-19 17:39:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2011-12-19 17:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2011-12-19 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2011-12-19 17:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2011-12-19 17:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2011-12-19 17:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2011-12-19 17:34:57 | 000,406,632 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2011-12-19 17:32:28 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2011-12-19 17:32:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011-12-19 17:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011-12-19 17:31:53 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011-12-19 17:31:52 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011-12-19 17:31:52 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2011-12-19 17:31:52 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011-12-19 17:31:52 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011-12-19 17:31:52 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011-12-19 17:31:52 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2011-12-19 17:31:52 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2011-12-19 17:31:52 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011-12-19 17:31:51 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011-12-19 17:31:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011-12-19 17:31:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011-12-19 17:31:51 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011-12-19 17:31:51 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011-12-19 17:31:51 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011-12-19 17:31:50 | 001,716,368 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011-12-19 17:31:50 | 000,419,472 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011-12-19 17:31:50 | 000,125,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011-12-19 17:31:50 | 000,072,336 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011-12-19 17:31:49 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011-12-19 17:31:49 | 001,770,328 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011-12-19 17:31:49 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011-12-19 17:31:49 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011-12-19 17:31:49 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011-12-19 17:31:49 | 000,106,640 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011-12-19 17:31:47 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011-12-19 17:31:47 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011-12-19 17:31:47 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011-12-19 17:31:47 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011-12-19 17:31:47 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011-12-19 17:31:47 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011-12-19 17:31:47 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011-12-19 17:31:47 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011-12-19 17:31:47 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011-12-19 17:31:47 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011-12-19 17:31:47 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011-12-19 17:31:47 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011-12-19 17:31:47 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011-12-19 17:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011-12-19 17:31:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011-12-19 17:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011-12-19 17:31:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011-12-19 17:31:36 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\InstallShield
[2011-12-19 17:31:04 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011-12-19 17:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011-12-19 17:31:00 | 000,000,000 | ---D | C] -- C:\Intel
[2011-12-19 17:24:09 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2011-12-19 17:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2011-12-19 17:20:21 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Diagnostics
[2011-12-19 17:19:48 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Mozilla
[2011-12-19 17:19:48 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Mozilla
[2011-12-19 17:18:18 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\ATI
[2011-12-19 17:18:18 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\ATI
[2011-12-19 17:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011-12-19 17:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011-12-19 17:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011-12-19 17:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011-12-19 17:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011-12-19 17:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011-12-19 17:15:30 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011-12-19 17:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011-12-19 17:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011-12-19 17:14:39 | 000,000,000 | ---D | C] -- C:\AMD
[2011-12-19 17:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011-12-19 17:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011-12-19 17:12:01 | 000,000,000 | R--D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011-12-19 17:12:01 | 000,000,000 | R--D | C] -- C:\Users\Jon\Searches
[2011-12-19 17:12:01 | 000,000,000 | R--D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011-12-19 17:12:01 | 000,000,000 | -H-D | C] -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011-12-19 17:11:54 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Identities
[2011-12-19 17:11:52 | 000,000,000 | R--D | C] -- C:\Users\Jon\Contacts
[2011-12-19 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\VirtualStore
[2011-12-19 17:11:45 | 000,000,000 | --SD | C] -- C:\Users\Jon\AppData\Roaming\Microsoft
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\Videos
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\Saved Games
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\Pictures
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\Music
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\Links
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\Favorites
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\Downloads
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\Documents
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\Desktop
[2011-12-19 17:11:45 | 000,000,000 | R--D | C] -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\AppData\Local\Temporary Internet Files
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Templates
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Start Menu
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\SendTo
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Recent
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\PrintHood
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\NetHood
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Documents\My Videos
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Documents\My Pictures
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Documents\My Music
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\My Documents
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Local Settings
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\AppData\Local\History
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Cookies
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\Application Data
[2011-12-19 17:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Jon\AppData\Local\Application Data
[2011-12-19 17:11:45 | 000,000,000 | -H-D | C] -- C:\Users\Jon\AppData
[2011-12-19 17:11:45 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Temp
[2011-12-19 17:11:45 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Microsoft
[2011-12-19 17:11:45 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Media Center Programs
[2011-12-19 17:11:39 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011-12-19 17:05:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011-12-19 17:04:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011-11-25 15:00:42 | 000,517,120 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011-11-25 15:00:10 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011-11-25 14:59:10 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011-11-25 14:58:34 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011-11-25 14:30:06 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011-11-25 09:20:44 | 000,051,200 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-11-25 09:20:38 | 000,044,032 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

========== Files - Modified Within 30 Days ==========

[2011-12-20 02:04:04 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011-12-19 18:42:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
[2011-12-19 18:12:02 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-12-19 18:12:02 | 000,609,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-12-19 18:12:02 | 000,104,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-12-19 18:07:24 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2011-12-19 18:07:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-12-19 18:07:02 | 2129,309,695 | -HS- | M] () -- C:\hiberfil.sys
[2011-12-19 18:06:08 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-12-19 18:06:07 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-12-19 17:55:29 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011-12-19 17:55:08 | 000,722,382 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-19 17:43:46 | 000,038,208 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2011-12-19 17:41:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2011-12-19 17:40:19 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin
[2011-12-19 17:29:24 | 000,025,177 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2011-12-19 17:29:17 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011-12-19 17:24:09 | 000,001,086 | ---- | M] () -- C:\Users\Jon\Desktop\MSI Afterburner.lnk
[2011-12-19 17:17:55 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011-12-19 17:14:07 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-12-19 17:08:41 | 000,266,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-12-19 17:07:48 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011-12-19 17:07:48 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011-11-25 15:05:10 | 000,207,792 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2011-11-25 15:05:10 | 000,207,792 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2011-11-25 15:00:42 | 000,517,120 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011-11-25 15:00:10 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011-11-25 14:59:10 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011-11-25 14:58:34 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011-11-25 14:45:56 | 001,987,040 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2011-11-25 14:45:56 | 000,204,952 | ---- | M] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011-11-25 14:45:56 | 000,204,952 | ---- | M] () -- C:\Windows\SysNative\ativvsvl.dat
[2011-11-25 14:45:56 | 000,157,144 | ---- | M] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-11-25 14:45:56 | 000,157,144 | ---- | M] () -- C:\Windows\SysNative\ativvsva.dat
[2011-11-25 14:38:30 | 001,988,768 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2011-11-25 14:30:06 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011-11-25 09:22:48 | 000,066,560 | ---- | M] () -- C:\Windows\SysNative\OpenVideo64.dll
[2011-11-25 09:22:42 | 000,056,832 | ---- | M] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011-11-25 09:22:34 | 000,066,560 | ---- | M] () -- C:\Windows\SysNative\OVDecoder64.dll
[2011-11-25 09:22:26 | 000,056,832 | ---- | M] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011-11-25 09:20:44 | 000,051,200 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011-11-25 09:20:38 | 000,044,032 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

========== Files Created - No Company Name ==========

[2011-12-20 02:04:04 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011-12-20 02:04:03 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2011-12-19 17:55:29 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011-12-19 17:55:08 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-19 17:54:59 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011-12-19 17:43:57 | 000,001,238 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2011-12-19 17:43:15 | 000,000,035 | ---- | C] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2011-12-19 17:41:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2011-12-19 17:34:56 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2011-12-19 17:31:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2011-12-19 17:30:36 | 000,038,208 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011-12-19 17:29:14 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011-12-19 17:29:12 | 000,025,177 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011-12-19 17:24:10 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\rtvcvfw32.dll
[2011-12-19 17:24:09 | 000,001,086 | ---- | C] () -- C:\Users\Jon\Desktop\MSI Afterburner.lnk
[2011-12-19 17:17:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-12-19 17:14:07 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-12-19 17:14:07 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011-12-19 17:12:06 | 000,001,409 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011-12-19 17:12:03 | 000,001,443 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011-12-19 17:11:45 | 000,000,290 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011-12-19 17:11:45 | 000,000,272 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011-12-19 17:07:41 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011-12-19 17:07:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011-12-19 17:04:43 | 2129,309,695 | -HS- | C] () -- C:\hiberfil.sys
[2011-11-25 15:05:10 | 000,207,792 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2011-11-25 15:05:10 | 000,207,792 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011-11-25 14:45:56 | 001,987,040 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011-11-25 14:45:56 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011-11-25 14:45:56 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2011-11-25 14:45:56 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-11-25 14:45:56 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2011-11-25 14:38:30 | 001,988,768 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011-11-25 09:22:48 | 000,066,560 | ---- | C] () -- C:\Windows\SysNative\OpenVideo64.dll
[2011-11-25 09:22:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011-11-25 09:22:34 | 000,066,560 | ---- | C] () -- C:\Windows\SysNative\OVDecoder64.dll
[2011-11-25 09:22:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-04-02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2009-07-14 06:08:49 | 000,002,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



Extras.txt:

OTL Extras logfile created on: 19-12-2011 18:44:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

7,98 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,59% Memory free
15,95 Gb Paging File | 14,25 Gb Available in Paging File | 89,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 907,21 Gb Free Space | 97,40% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,36 Mb Free Space | 70,36% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 580,39 Gb Free Space | 41,54% Space Free | Partition Type: NTFS

Computer Name: PERLEN | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FB4FEB-B994-169A-507C-369048DCDACB}" = ccc-utility64
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{24BDC332-32A7-33F7-2599-1903E743B62B}" = AMD AVIVO64 Codecs
"{2BA9D1BC-C450-C22B-66A2-872783B310BC}" = AMD Drag and Drop Transcoding
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56CB02B0-7DA3-143A-29F3-F0924CC43207}" = AMD Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DA-DK Language Pack
"{DD3E185B-5215-EE9F-5B01-C493193168C7}" = AMD Media Foundation Decoders
"{F27D5AAD-758E-460F-964D-6F2E65964C08}" = Microsoft Antimalware Service DA-DK Language Pack
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013A19BF-EE27-9FB9-5445-C7F13E4BB1B2}" = Catalyst Control Center InstallProxy
"{08CF0904-5AF2-1D20-1A38-BD4CB609DF28}" = CCC Help Chinese Traditional
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DF55DEA-D893-A4AD-E68E-43A84FFCE0DF}" = HydraVision
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2F00F52A-FAF3-6842-AE51-336F36E4E34E}" = CCC Help Spanish
"{4284721C-3665-CD39-6E3A-001EF89A76FB}" = CCC Help French
"{47D1C256-08A2-3301-5747-575216650518}" = CCC Help Danish
"{4C39374A-C16A-BDF0-1901-8C2441CCB66D}" = CCC Help English
"{4C408BF5-4997-6318-BB80-5A4B55938F06}" = CCC Help Swedish
"{4C6747D9-F8A1-2E5C-3B72-559549133186}" = CCC Help Polish
"{4F7D5A6B-7C9F-8240-C39E-E8B6D702AF8B}" = Catalyst Control Center Localization All
"{50AEEB69-5A01-5626-0543-AE4E93020D4D}" = Catalyst Control Center Graphics Previews Common
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5CC355C0-18A5-3144-FB67-76F0DE9464CA}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{670BF2B2-7E12-5EBB-187F-1E8B9261FC33}" = CCC Help Norwegian
"{72A3AA90-D847-C373-C970-3A78B5EDB395}" = CCC Help Portuguese
"{7DCF39B0-FB5E-5C0A-47EA-3C6940FB1383}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DC09A32-340D-5B07-A5C6-41510E712C45}" = Catalyst Control Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A226D7D7-9E4A-6FBF-893E-131FA12643E8}" = CCC Help Italian
"{ABB1E211-9867-CADB-4531-5BE1692D34AE}" = CCC Help Korean
"{B52B3FFA-C6F4-A40E-0C83-43CC6E9971C1}" = CCC Help Finnish
"{C08AA6B3-DA88-EC19-F957-FD0C1F8787A9}" = CCC Help Japanese
"{C4D3AE8B-1E8C-5B43-A7DB-D6A557AC4C80}" = CCC Help Thai
"{C7495A52-2235-A33A-D534-FE61FF3C9EEC}" = CCC Help German
"{CA5DBDEB-B90C-E0D7-92A1-84C41420994D}" = CCC Help Chinese Standard
"{CB0F7ACD-5E8F-63D6-A4BE-F157BF771BE2}" = CCC Help Czech
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D7B6CCEE-331F-1876-2C53-5D4EDD0E7D2E}" = CCC Help Hungarian
"{DD6BFA76-7442-81D6-26B8-A436A4DCF86D}" = CCC Help Dutch
"{EA3EE26E-13A1-0734-D71F-233F5AA5DEFA}" = CCC Help Turkish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Afterburner" = MSI Afterburner 2.1.0
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"MagniDriver" = marvell 91xx console driver
"Mozilla Firefox 8.0.1 (x86 da)" = Mozilla Firefox 8.0.1 (x86 da)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19-12-2011 12:11:39 | Computer Name = Perlen | Source = Software Protection Platform Service | ID = 1017
Description = Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=BBBBB
ACID=?
Detailed
Error[?]

[ System Events ]
Error - 19-12-2011 13:07:28 | Computer Name = Perlen | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19-12-2011 13:07:28 | Computer Name = Perlen | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19-12-2011 13:07:30 | Computer Name = Perlen | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19-12-2011 13:07:31 | Computer Name = Perlen | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19-12-2011 13:07:33 | Computer Name = Perlen | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 19-12-2011 13:08:10 | Computer Name = Perlen | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: Perlen\Jon Process
Name: C:\Windows\System32\svchost.exe Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.117.1361.0, AS: 1.117.1361.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 19-12-2011 13:08:10 | Computer Name = Perlen | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: Perlen\Jon Process
Name: C:\Windows\System32\svchost.exe Action: %%809 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x80070032 Error description:
The request is not supported. Signature Version: AV: 1.117.1361.0, AS: 1.117.1361.0,
NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 19-12-2011 13:08:38 | Computer Name = Perlen | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition2
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
Perlen\Jon Process Name: Unknown Action: %%808 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x800704ec Error description:
This program is blocked by group policy. For more information, contact your system
administrator. Signature Version: AV: 1.117.1361.0, AS: 1.117.1361.0, NIS: 10.7.0.0

Engine
Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 19-12-2011 13:08:38 | Computer Name = Perlen | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition2
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%820 User:
Perlen\Jon Process Name: Unknown Action: %%809 Action Status: To finish removing
malware and other potentially unwanted software, restart the computer. To see how
to finish removing malware and other potentially unwanted software, see the support
article on the Microsoft Security website. Error Code: 0x80070032 Error description:
The request is not supported. Signature Version: AV: 1.117.1361.0, AS: 1.117.1361.0,
NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0, NIS: 2.0.7707.0

Error - 19-12-2011 13:38:02 | Computer Name = Perlen | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.117.1361.0, AS: 1.117.1361.0, NIS: 10.7.0.0 Engine Version: AM: 1.1.7903.0,
NIS: 2.0.7707.0


< End of report >

Edited by jonarni, 19 December 2011 - 02:02 PM.

  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,795 posts
  • MVP
Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
If you don't know how to create a screenshot, see: http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Ron
  • 0

#3
jonarni

jonarni

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Ron, thanks for your reply. Here's the requested screenshot.

Attached Thumbnails

  • DiskManagement.jpg

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,795 posts
  • MVP
OK. It's what I thought. The following instructions are for an active infection. In your case we probably just need to delete the 2M sized partition, so you probably don't need the 2nd CD, but it wouldn't hurt to have it just in case.

I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)
Windows Vista 64-Bit (x64) Recovery Environment

Create two bootable CDs, one for Gparted and one for the Windows Vista Recovery Environment, from the ISO images. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
Posted Image
According to your logs, the partition that you want to delete has size 2M
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
Posted Image

Now you should be here:
Posted Image

Posted Image
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
Posted Image

Now double-click the Posted Image button.

You should receive a small pop up like this:
Posted Image
Choose reboot and then press OK.

Now reboot from the Windows Vista Recovery Environment CD and execute the following commands:

  • bootrec /FixMbr
  • bootrec /FixBoot
  • exit

Once back in Windows.

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.

  • 0
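The layout Ron is describing (a tiny extra partition that has taken the boot flag away from the OS volume, reported by MSE as Partition2 with type 17) can be checked directly from the first sector of the disk. The following Python is an added example, not code from this thread or from OTL, MSE or GParted; it parses a raw 512-byte MBR and flags a small hidden-type partition or a boot flag sitting on one. The sample MBR is constructed, 512-byte sectors are assumed, and the 16 MiB threshold and the reading of "Type 17" as partition type byte 0x11 are this example's assumptions.

```python
"""MBR triage for the hidden-partition layout discussed in this thread (added example,
not code from the thread or from OTL/MSE/GParted). Assumes 512-byte sectors."""
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte entries follow the 446-byte boot code
ENTRY_SIZE = 16
MBR_SIGNATURE = 0xAA55    # bytes 0x55 0xAA at offset 510, read little-endian

# Type bytes used here. 0x11-0x1F are the "hidden" variants of DOS types 0x01-0x0F
# (bit 4 set); 0x11 is decimal 17, assumed to be what the MSE log's "Type 17" means.
TYPE_NAMES = {0x07: "NTFS/HPFS", 0x11: "hidden FAT12", 0x16: "hidden FAT16",
              0x17: "hidden NTFS/HPFS", 0x1B: "hidden FAT32"}


@dataclass
class PartitionEntry:
    index: int        # 1-based, matching the "PartitionN" naming in the MSE log
    bootable: bool    # status byte 0x80 = active/boot flag
    ptype: int
    lba_start: int
    sectors: int

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR_SIZE

    @property
    def hidden(self) -> bool:
        return (self.ptype & 0xF0) == 0x10

    def describe(self) -> str:
        flag = "boot" if self.bootable else "    "
        return (f"Partition{self.index} [{flag}] type 0x{self.ptype:02X} "
                f"({TYPE_NAMES.get(self.ptype, 'unknown')}) start LBA {self.lba_start} "
                f"size {self.size_bytes / 2**20:.1f} MiB")


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Decode the primary partition table of one MBR sector, skipping empty slots."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    (sig,) = struct.unpack_from("<H", sector, 510)
    if sig != MBR_SIGNATURE:
        raise ValueError(f"bad MBR signature 0x{sig:04X}")
    entries = []
    for i in range(4):
        # status(1) CHS-start(3, ignored) type(1) CHS-end(3, ignored) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype != 0x00:
            entries.append(PartitionEntry(i + 1, status == 0x80, ptype, lba_start, sectors))
    return entries


def suspicious_partitions(entries: List[PartitionEntry], max_mib: float = 16.0) -> List[str]:
    """Heuristics for this thread's layout: a small hidden-type partition, a boot flag on
    a hidden partition, or anything other than exactly one active partition.
    The 16 MiB threshold is this example's choice."""
    findings = []
    for e in entries:
        if e.hidden and e.size_bytes <= max_mib * 2**20:
            findings.append(f"Partition{e.index}: hidden type 0x{e.ptype:02X}, "
                            f"only {e.size_bytes / 2**20:.1f} MiB")
        if e.hidden and e.bootable:
            findings.append(f"Partition{e.index}: boot flag set on a hidden partition")
    active = sum(1 for e in entries if e.bootable)
    if active != 1:
        findings.append(f"{active} partitions carry the boot flag (expected exactly one)")
    return findings


def _entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are left zero; the LBA fields are what modern firmware and tools use.
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba_start, sectors)


def constructed_sample_mbr() -> bytes:
    """Constructed MBR resembling the thread's layout (not the poster's real disk): a
    100 MiB System Reserved volume, a 2 MiB hidden partition that holds the boot flag,
    and a large NTFS OS volume."""
    table = (_entry(False, 0x07, 2048, 204800)            # Partition1: System Reserved
             + _entry(True, 0x11, 206848, 4096)           # Partition2: 2 MiB, type 0x11, active
             + _entry(False, 0x07, 210944, 1953000000)    # Partition3: ~931 GiB OS volume
             + bytes(ENTRY_SIZE))                         # Partition4: unused
    return bytes(PART_TABLE_OFFSET) + table + struct.pack("<H", MBR_SIGNATURE)


if __name__ == "__main__":
    # On a live Windows box an administrator would read the first 512 bytes of
    # \\.\PhysicalDrive0 (or of a disk image) and pass them to parse_mbr() instead.
    parts = parse_mbr(constructed_sample_mbr())
    for p in parts:
        print(p.describe())
    for finding in suspicious_partitions(parts):
        print("FLAG:", finding)
```

Against the constructed sample the script lists three partitions and raises two flags, both on Partition2; the System Reserved volume is small but not hidden, so it is not flagged.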

#5
jonarni

jonarni

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok, one quick question: is it safe to burn the CDs from the infected PC? It's the only one I've got here, so otherwise it will have to wait for tomorrow so I can burn the CDs at work.
  • 0

#6
jonarni

jonarni

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
One problem, when I try to download the Vista Recovery Environment, it says I don't have the necessary privileges to access the page. I tried registering an account at Digiex, but it's still telling me:

jonarni, you do not have permission to access this page. This could be due to one of several reasons:

Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,795 posts
  • MVP
It doesn't appear that the infection is active so I'd think you could get away with burning them on the sick PC.

You might even be able to delete the 2M partition from Disk Manager without a CD. Select it and right click and see if there is a Delete Volume option. Just make sure you only delete the 2M sized partition.

If you have the Windows 7 disk then you can use it instead of the recovery environment.
  • 1

#8
jonarni

jonarni

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
There was a "Delete Volume" option, that I clicked. Now Disk Management only shows the (C:) and "System Reserved (D:)" volumes.

I do have the Windows 7 disk.

Do I still run the gparted bit? And the bootrec commands from the Win 7 disc?
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,795 posts
  • MVP
See if it will reboot OK now. If it does, you don't need the disks. Ask your anti-virus if the infection is gone.

If it doesn't boot, boot from the Windows 7 disk, get into Repair your computer, then Command Prompt, and:


bootrec /FixMbr
bootrec /FixBoot
exit
  • 0

#10
jonarni

jonarni

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The PC reboots without problems. MSE no longer reports the threat. I ran the MSE quick scan and got 0 threats detected.
  • 0


#11
jonarni

jonarni

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I now also ran a full system scan with MSE and it still comes up clean.

Also, one extra question, if the PC is clean now:

During both the "System Fix" and "DOS:Alureon.E" infections, my external HDD was connected to the PC. The external has my backups on it. Is it safe to connect it to the PC and restore my files? Is there some way to scan it without risking re-infection of the PC?
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,795 posts
  • MVP
I think if you turn off autorun you should be OK.

http://www.addictive...y-in-windows-7/

or

Step 1. Start Notepad or another text editor.

Step 2. Copy the following text from this page and paste it into your text editor (everything between the square brackets should be all on one line):

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Step 3. Save the file with a name like NoAutoRun.reg, taking care to include the .reg extension.

Step 4. Right-click your .reg file and choose Merge. Confirm any warning prompts to add the information to the Registry.

UPDATE 2009-01-21: As an extra precaution, it’s a good idea to reboot your PC after Step 4, on the off chance that some old information was residing in cache memory.

The next time you insert a flash drive, CD, DVD, or other removable disc into your system, Windows will not execute the information in any autorun.inf file that may be present.

from:
http://windowssecret...utorun-attacks/

Plug in the drive and have your antivirus scan it immediately.

Let's see if Windows is happy:


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#13
jonarni

jonarni

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Ron. Thank you again for all your help.

I disabled autorun and did a full scan of the external drive with MSE, which came away clean.

The /scannow comes away clean.

sigverif detects 184 signed and 64 unsigned files.
Out of these, 61 of them start with "ati" or "amd".
The last 3 are "coinst.dll", "droidcam.sys" and "oemdspif.dll".
Pretty much all of them are modified 25-11-2011, where my System Fix crash happened just a few days ago.

VEW refuses to run and returns an error "Please contact the author, VEW has not been coded for your language (Danish)".
My Windows installation is in English, although my keyboard and location settings are for Denmark.

Would it be a good idea to reinstall Windows? I formatted just 2 days ago, so I haven't really set anything up yet anyways.
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,795 posts
  • MVP
Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool.
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


I think that will let me read the logs.

If you want to reinstall that's OK but I don't think it's necessary. Let's just run Combofix and see if it finds anything:

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.


Ron
  • 0

#15
jonarni

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Jon at 19:05:40 on 2011-12-21
Microsoft Windows 7 Professional 6.1.7600.0.1252.45.1033.18.8169.6833 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB7D8D79-1BFA-4F71-BA1A-C918566A176F} : DhcpNameServer = 192.168.1.254
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\jb8og5ss.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 DroidCam;DroidCam Virtual Audio;C:\Windows\system32\drivers\droidcam.sys --> C:\Windows\system32\drivers\droidcam.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-21 18:02:14 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{661B6332-7DB8-4EDE-91D4-68ABB0730D14}\offreg.dll
2011-12-20 17:11:40 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-20 17:11:33 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{661B6332-7DB8-4EDE-91D4-68ABB0730D14}\mpengine.dll
2011-12-20 16:51:13 25216 ----a-w- C:\Windows\System32\drivers\droidcam.sys
2011-12-20 16:51:13 -------- d-----w- C:\Program Files (x86)\DroidCam
2011-12-20 16:49:47 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-12-20 16:49:47 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-12-20 16:49:06 -------- d-----w- C:\Users\Jon\AppData\Roaming\ooVoo Details
2011-12-20 16:49:02 -------- d-----w- C:\Program Files (x86)\ooVoo
2011-12-20 16:44:01 -------- d-----w- C:\Windows\SysWow64\Wat
2011-12-20 16:44:01 -------- d-----w- C:\Windows\System32\Wat
2011-12-20 08:02:15 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-12-20 08:02:15 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-12-20 07:58:50 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-12-20 07:58:50 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-12-20 07:58:50 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-12-20 07:58:50 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-12-20 07:58:50 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-12-20 07:58:50 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-12-20 07:58:50 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-12-20 07:58:50 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-12-20 07:58:50 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-12-20 07:58:50 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-12-20 07:58:35 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-12-20 07:39:58 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-12-20 07:38:54 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2011-12-20 07:36:59 112000 ----a-w- C:\Windows\System32\consent.exe
2011-12-20 07:35:06 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-12-20 07:35:06 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-12-20 07:34:32 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-12-20 07:34:32 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-12-20 07:34:32 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-12-20 01:04:16 -------- d-----w- C:\Windows\Panther
2011-12-20 01:04:03 -------- d-sh--w- C:\Boot
2011-12-19 20:18:53 -------- d-----w- C:\Users\Jon\AppData\Roaming\TS3Client
2011-12-19 20:17:51 -------- d-----w- C:\Users\Jon\AppData\Local\TeamSpeak 3 Client
2011-12-19 19:54:37 -------- d-----w- C:\ProgramData\id Software
2011-12-19 17:11:52 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-12-19 17:11:52 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-12-19 17:11:51 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-12-19 17:11:51 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-12-19 16:59:08 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F761871-1149-40E9-BD58-D5168BF7D5CC}\gapaengine.dll
2011-12-19 16:59:00 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-19 16:55:06 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-19 16:54:46 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-12-19 16:54:34 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-12-19 16:43:41 -------- d--h--w- C:\Program Files (x86)\DeviceVM
2011-12-19 16:43:26 -------- d-----w- C:\Users\Jon\AppData\Local\BMExplorer
2011-12-19 16:40:18 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2011-12-19 16:39:37 -------- d-----w- C:\Program Files (x86)\Bluetooth Suite
2011-12-19 16:37:04 -------- d-----w- C:\Program Files (x86)\Marvell
2011-12-19 16:36:46 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2011-12-19 16:34:57 406632 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-12-19 16:34:56 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-12-19 16:34:56 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-12-19 16:32:28 -------- d-----w- C:\Windows\AsusInstAll
2011-12-19 16:32:06 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-12-19 16:32:06 -------- d-----w- C:\Program Files\Realtek
2011-12-19 16:24:10 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
2011-12-19 16:24:08 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2011-12-19 16:20:21 -------- d-----w- C:\Users\Jon\AppData\Local\Diagnostics
2011-12-19 16:19:48 -------- d-----w- C:\Users\Jon\AppData\Local\Mozilla
2011-12-19 16:18:18 -------- d-----w- C:\Users\Jon\AppData\Local\ATI
2011-12-19 16:17:55 0 ----a-w- C:\Windows\ativpsrm.bin
2011-12-19 16:16:51 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-19 16:16:48 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-12-19 16:16:15 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-12-19 16:15:33 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-12-19 16:15:30 -------- d-sh--w- C:\Windows\Installer
2011-12-19 16:15:29 -------- d-----w- C:\Program Files\ATI
2011-12-19 16:15:17 -------- d-----w- C:\Program Files\ATI Technologies
2011-11-25 15:06:28 10497024 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-11-25 14:26:48 24887808 ----a-w- C:\Windows\System32\atio6axx.dll
2011-11-25 14:06:22 18829312 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-11-25 14:04:34 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-11-25 14:04:24 749568 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-11-25 14:03:10 893440 ----a-w- C:\Windows\System32\aticfx64.dll
2011-11-25 14:00:52 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-11-25 14:00:42 517120 ----a-w- C:\Windows\System32\atieclxx.exe
2011-11-25 14:00:10 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-11-25 13:59:10 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-11-25 13:58:52 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-11-25 13:58:46 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-11-25 13:58:38 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-11-25 13:58:34 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-11-25 13:58:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-11-25 13:58:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-11-25 13:55:50 4327936 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-11-25 13:50:42 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-11-25 13:50:08 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-11-25 13:49:54 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-11-25 13:46:42 5079552 ----a-w- C:\Windows\System32\atidxx64.dll
2011-11-25 13:40:26 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-11-25 13:40:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-11-25 13:40:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-11-25 13:40:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-11-25 13:40:00 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-11-25 13:39:44 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-11-25 13:36:12 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-11-25 13:36:12 4356096 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-11-25 13:30:26 5512704 ----a-w- C:\Windows\System32\atiumd64.dll
2011-11-25 13:30:06 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-11-25 13:23:44 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-11-25 13:23:36 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-11-25 13:23:22 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-11-25 13:23:20 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-11-25 13:23:20 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-11-25 13:23:16 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-11-25 13:23:10 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-11-25 13:23:04 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-11-25 13:22:24 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-11-25 13:22:18 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-11-25 13:22:12 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-11-25 13:22:06 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-11-25 13:21:44 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-11-25 13:21:44 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-11-25 13:21:36 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-11-25 13:21:36 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-11-25 13:21:34 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-25 08:22:48 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-11-25 08:22:42 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-11-25 08:22:34 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
2011-11-25 08:22:26 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
2011-11-25 08:22:16 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
2011-11-25 08:21:32 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-11-25 08:20:44 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-11-25 08:20:38 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
.
==================== Find3M ====================
.
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 19:06:08,89 ===============
Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 19-12-2011 17:11:41
System Uptime: 21-12-2011 19:01:57 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 896,844 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0,069 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 1397 GiB total, 581,054 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: DroidCam Virtual Audio
Device ID: ROOT\MEDIA\0000
Manufacturer: Dev47Apps
Name: DroidCam Virtual Audio
PNP Device ID: ROOT\MEDIA\0000
Service: DroidCam
.
==== System Restore Points ===================
.
RP1: 19-12-2011 17:15:43 - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
RP2: 19-12-2011 17:34:26 - Installeret Realtek Ethernet Controller Driver
RP3: 19-12-2011 17:36:24 - Installeret Renesas Electronics USB 3.0 Host Controller Driver
RP4: 19-12-2011 17:54:23 - Windows Update
RP5: 19-12-2011 17:58:50 - Windows Update
RP6: 19-12-2011 18:11:54 - Windows Update
RP7: 19-12-2011 20:54:16 - Installed Quake Live Mozilla Plugin
RP8: 20-12-2011 08:52:35 - Windows Update
RP9: 20-12-2011 17:51:19 - Device Driver Package Install: Dev47Apps Sound, video and game controllers
RP10: 20-12-2011 18:11:25 - Windows Update
RP11: 20-12-2011 20:08:28 - Windows Update
RP12: 20-12-2011 22:31:03 - Windows Update
.
==== Installed Programs ======================
.
Browser Configuration Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
HydraVision
Intel® Management Engine Components
marvell 91xx console driver
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 8.0.1 (x86 da)
MSI Afterburner 2.1.0
ooVoo
Quake Live Mozilla Plugin
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
TeamSpeak 3 Client
.
==== Event Viewer Messages From Past Week ========
.
21-12-2011 19:02:52, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
21-12-2011 19:02:27, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
21-12-2011 08:33:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
Combofix.txt:

ComboFix 11-12-21.02 - Jon 21-12-2011 19:11:13.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.45.1033.18.8169.6762 [GMT 1:00]
Kører fra: c:\users\Jon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\Autorun.inf
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2011-11-21 til 2011-12-21 )))))))))))))))))))))))))))))))))))
.
.
2011-12-21 18:17 . 2011-12-21 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 18:13 . 2011-12-21 18:13 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6EAE01A-F14F-4306-B980-6A7EDC15A73E}\offreg.dll
2011-12-21 18:13 . 2011-11-21 02:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6EAE01A-F14F-4306-B980-6A7EDC15A73E}\mpengine.dll
2011-12-20 17:11 . 2011-11-21 02:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-20 16:51 . 2011-12-20 16:51 -------- d-----w- c:\program files (x86)\DroidCam
2011-12-20 16:51 . 2011-12-20 16:51 25216 ----a-w- c:\windows\system32\drivers\droidcam.sys
2011-12-20 16:49 . 2011-04-28 03:58 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-12-20 16:49 . 2011-04-28 03:58 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-12-20 16:49 . 2011-12-20 16:49 -------- d-----w- c:\program files (x86)\ooVoo
2011-12-20 16:44 . 2011-12-20 16:44 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-20 16:44 . 2011-12-20 16:44 -------- d-----w- c:\windows\system32\Wat
2011-12-20 08:02 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-12-20 08:02 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-12-20 07:58 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-12-20 07:58 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-12-20 07:58 . 2009-11-25 11:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-12-20 07:58 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-12-20 07:58 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-12-20 07:58 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-12-20 07:58 . 2009-11-25 11:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-12-20 07:58 . 2009-11-25 11:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-12-20 07:58 . 2009-11-25 11:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-12-20 07:58 . 2009-11-25 11:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-12-20 07:58 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-12-20 07:39 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2011-12-20 07:38 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2011-12-20 07:36 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-12-20 07:35 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-12-20 07:35 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-12-20 07:34 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-20 07:34 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-12-20 07:34 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-12-20 01:04 . 2011-12-19 16:11 -------- d-----w- c:\windows\Panther
2011-12-20 01:04 . 2011-12-20 01:04 -------- d-----w- C:\Boot
2011-12-19 19:54 . 2011-12-19 19:54 -------- d-----w- c:\programdata\id Software
2011-12-19 17:11 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-12-19 17:11 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-12-19 17:11 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-12-19 17:11 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-12-19 16:59 . 2011-12-19 16:59 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F761871-1149-40E9-BD58-D5168BF7D5CC}\gapaengine.dll
2011-12-19 16:59 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-12-19 16:55 . 2011-12-19 16:55 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-19 16:54 . 2011-12-19 16:55 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-19 16:54 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-19 16:43 . 2011-12-19 16:43 -------- d--h--w- c:\program files (x86)\DeviceVM
2011-12-19 16:40 . 2011-12-19 16:40 -------- d-----w- c:\program files (x86)\Common Files\Atheros
2011-12-19 16:39 . 2011-12-19 16:39 -------- d-----w- c:\program files (x86)\Bluetooth Suite
2011-12-19 16:37 . 2011-12-19 16:37 -------- d-----w- c:\program files (x86)\Marvell
2011-12-19 16:36 . 2011-12-19 16:36 -------- d-----w- c:\program files (x86)\Renesas Electronics
2011-12-19 16:34 . 2010-10-26 03:08 406632 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-12-19 16:34 . 2010-01-05 16:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-12-19 16:34 . 2009-12-03 09:27 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-12-19 16:32 . 2011-12-19 16:32 -------- d-----w- c:\windows\AsusInstAll
2011-12-19 16:32 . 2011-12-19 16:32 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-12-19 16:32 . 2011-12-19 16:32 -------- d-----w- c:\program files\Realtek
2011-12-19 16:24 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2011-12-19 16:24 . 2011-12-19 20:15 -------- d-----w- c:\program files (x86)\MSI Afterburner
2011-12-19 16:18 . 2011-12-19 16:18 -------- d-----w- c:\programdata\ATI
2011-12-19 16:17 . 2011-12-19 16:17 0 ----a-w- c:\windows\ativpsrm.bin
2011-12-19 16:16 . 2011-12-19 16:16 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-19 16:16 . 2011-12-19 16:16 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-12-19 16:16 . 2011-12-19 16:16 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-12-19 16:15 . 2011-12-19 16:16 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-12-19 16:15 . 2011-12-20 21:31 -------- d-sh--w- c:\windows\Installer
2011-12-19 16:15 . 2011-12-19 16:15 -------- d-----w- c:\program files\ATI
2011-12-19 16:15 . 2011-12-19 16:16 -------- d-----w- c:\program files\ATI Technologies
2011-12-19 16:14 . 2011-12-19 16:14 -------- d-----w- C:\AMD
2011-12-19 16:11 . 2011-12-21 00:57 -------- d-----w- c:\users\Jon
2011-12-19 16:11 . 2011-12-19 16:11 -------- d-----w- C:\Recovery
2011-11-25 15:06 . 2011-11-25 15:06 10497024 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-25 14:26 . 2011-11-25 14:26 24887808 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-25 14:06 . 2011-11-25 14:06 18829312 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-25 14:04 . 2011-11-25 14:04 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-25 14:04 . 2011-11-25 14:04 749568 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-25 14:03 . 2011-11-25 14:03 893440 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-25 14:00 . 2011-11-25 14:00 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-25 14:00 . 2011-11-25 14:00 517120 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-25 14:00 . 2011-11-25 14:00 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-25 13:59 . 2011-11-25 13:59 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-25 13:58 . 2011-11-25 13:58 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-25 13:58 . 2011-11-25 13:58 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-25 13:58 . 2011-11-25 13:58 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-25 13:58 . 2011-11-25 13:58 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-25 13:58 . 2011-11-25 13:58 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-25 13:58 . 2011-11-25 13:58 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-25 13:55 . 2011-11-25 13:55 4327936 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-25 13:50 . 2011-11-25 13:50 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-25 13:50 . 2011-11-25 13:50 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-25 13:49 . 2011-11-25 13:49 4044288 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-25 13:46 . 2011-11-25 13:46 5079552 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-25 13:40 . 2011-11-25 13:40 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-25 13:40 . 2011-11-25 13:40 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-25 13:40 . 2011-11-25 13:40 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-25 13:40 . 2011-11-25 13:40 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-25 13:40 . 2011-11-25 13:40 9978880 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-25 13:39 . 2011-11-25 13:39 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-25 13:36 . 2011-11-25 13:36 8449024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-25 13:36 . 2011-11-25 13:36 4356096 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-25 13:30 . 2011-11-25 13:30 5512704 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-25 13:30 . 2011-11-25 13:30 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-25 13:23 . 2011-11-25 13:23 486912 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-25 13:23 . 2011-11-25 13:23 339968 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-25 13:23 . 2011-11-25 13:23 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-25 13:23 . 2011-11-25 13:23 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-25 13:23 . 2011-11-25 13:23 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-25 13:23 . 2011-11-25 13:23 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-25 13:23 . 2011-11-25 13:23 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-25 13:23 . 2011-11-25 13:23 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-25 13:22 . 2011-11-25 13:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-25 13:22 . 2011-11-25 13:22 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-25 13:22 . 2011-11-25 13:22 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-25 13:22 . 2011-11-25 13:22 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-25 13:21 . 2011-11-25 13:21 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-25 13:21 . 2011-11-25 13:21 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-25 13:21 . 2011-11-25 13:21 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-25 13:21 . 2011-11-25 13:21 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-25 13:21 . 2011-11-25 13:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-25 08:22 . 2011-11-25 08:22 66560 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-25 08:22 . 2011-11-25 08:22 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-25 08:22 . 2011-11-25 08:22 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-11-25 08:22 . 2011-11-25 08:22 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-11-25 08:22 . 2011-11-25 08:22 16991744 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-25 08:21 . 2011-11-25 08:21 13950464 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-25 08:20 . 2011-11-25 08:20 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-25 08:20 . 2011-11-25 08:20 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-25 343168]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\jb8og5ss.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2011-12-21 19:19:34
ComboFix-quarantined-files.txt 2011-12-21 18:19
.
Pre-Kørsel: 962.891.902.976 bytes free
Post-Kørsel: 962.343.653.376 bytes free
.
- - End Of File - - 00565E60B6C7ADEF8693711774828151