
Just seeing if anyone could give this a gander.



Thedude87
2016-06-19, 07:22
I have been having a pretty bad virus problem at work. Some 90 crappy WordPress websites were infected. I carried something home with me and have been dwindling the infection down. But now I am in unknown territory, so any help would be cool. Thanks in advance.

// info: Rootkit removal help file
// copyright: (c) 2008-2016 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\ProgramData\Razer\Synapse\Modules\SystemInfo:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\AMD:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Mozilla Firefox:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Razer:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\RocketDock:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Razer\Synapse:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\NETGEAR\A6100:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\MSI\Live Update:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Microsoft.NET\RedistList:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\Common Files\Microsoft Shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Welcome:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files (x86)\AMD\ATI.ACE\Core-Static:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\ATI Technologies:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\SUPERAntiSpyware:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\WinRAR:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\microsoft shared\VC:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\Common Files\ATI Technologies\Multimedia:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\ATI Technologies\ATI.ACE\Fuel:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\CIM:Win32App_1:$DATA"
File:"Unknown ADS","C:\Program Files\AMD\ATI.ACE\Fuel:Win32App_1:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\ADOVMPPackage","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\ADOVMPPackage","Final"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc","Upgrade"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\InputMethod\Chs","DuState"
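
Two classes of finding appear in the RootAlyzer output above: named alternate data streams (all called Win32App_1) on ordinary Program Files directories, and registry keys whose ACL has no Administrators entry. The log reports only names, not contents or the actual ACEs, so the following PowerShell script is added here as a triage aid; it is not part of the thread and not code from Spybot or RootAlyzer. It assumes an elevated PowerShell session (Windows PowerShell 5.1 or PowerShell 7) on the affected machine, uses a sample of the paths and keys from the log, and, because the log does not say whether its last field ("Final", "Upgrade", "DuState") names a subkey or a value, checks each listed key together with its direct subkeys (an assumption).

```powershell
# Added triage script, not from the thread or from RootAlyzer/Spybot.
# Assumes an elevated PowerShell session (5.1 or 7) on the affected PC.
# Paths and keys are taken from the RootAlyzer log above; checking each key
# AND its direct subkeys is an assumption about what the log's last field means.

$adsTargets = @(
    'C:\Program Files (x86)\Mozilla Firefox',
    'C:\Program Files (x86)\RocketDock',
    'C:\Program Files\WinRAR',
    'C:\Program Files\SUPERAntiSpyware'
)

$registryTargets = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\ADOVMPPackage',
    'HKLM:\SOFTWARE\Microsoft\Security Center\Svc',
    'HKLM:\SOFTWARE\Microsoft\InputMethod\Chs'
)

# List every named stream on a directory (other than the default ::$DATA stream)
# with its size and a printable preview of its content, so an "Unknown ADS" row
# can be judged by what the stream holds rather than by its name alone.
function Get-AdsReport {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $streams = Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' }
        foreach ($s in $streams) {
            $text = ''
            try {
                $raw = Get-Content -LiteralPath $p -Stream $s.Stream -Raw -ErrorAction Stop
                if ($null -eq $raw) { $raw = '' }
                # keep printable ASCII only; binary bytes show up as dots
                $text = ($raw.ToCharArray() | ForEach-Object {
                    if ([int]$_ -ge 32 -and [int]$_ -lt 127) { $_ } else { '.' } }) -join ''
            } catch { $text = "<unreadable: $($_.Exception.Message)>" }
            [pscustomobject]@{
                Path    = $p
                Stream  = $s.Stream
                Bytes   = $s.Length
                Preview = $text.Substring(0, [Math]::Min(80, $text.Length))
            }
        }
    }
}

# Report whether BUILTIN\Administrators (S-1-5-32-544) appears in a key's DACL,
# who owns the key, and the full ACE list, for each key and its direct subkeys.
function Get-RegistryAdminAccess {
    param([string[]]$Keys)
    $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    foreach ($k in $Keys) {
        if (-not (Test-Path -LiteralPath $k)) {
            [pscustomobject]@{ Key = $k; Exists = $false; Owner = $null; AdminsInAcl = $null; Aces = $null }
            continue
        }
        $toCheck = @($k) + @(Get-ChildItem -LiteralPath $k -ErrorAction SilentlyContinue |
            ForEach-Object { $_.PSPath })
        foreach ($key in $toCheck) {
            $shortKey = $key -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            try {
                $acl = Get-Acl -LiteralPath $key -ErrorAction Stop
                $adminAces = $acl.Access | Where-Object {
                    try { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $adminSid }
                    catch { $false }
                }
                [pscustomobject]@{
                    Key         = $shortKey
                    Exists      = $true
                    Owner       = $acl.Owner
                    AdminsInAcl = [bool]$adminAces
                    Aces        = ($acl.Access | ForEach-Object {
                        '{0}={1}({2})' -f $_.IdentityReference, $_.RegistryRights, $_.AccessControlType }) -join '; '
                }
            } catch {
                # Get-Acl needs READ_CONTROL on the key; a key that even an elevated
                # admin cannot read is itself the finding to follow up.
                [pscustomobject]@{ Key = $shortKey; Exists = $true; Owner = $null; AdminsInAcl = $false
                                   Aces = "<ACL unreadable: $($_.Exception.Message)>" }
            }
        }
    }
}

Get-AdsReport -Paths $adsTargets | Format-Table -AutoSize -Wrap
Get-RegistryAdminAccess -Keys $registryTargets | Format-Table -AutoSize -Wrap
```

Read the two tables together rather than the RootAlyzer names alone: a small, identical text stream on directories belonging to a dozen unrelated vendors points at something that touched all of Program Files at once (an OS or installer-level actor), whereas a large or binary stream on a single directory deserves a closer look; for the keys, the interesting rows are those where `AdminsInAcl` is false or the ACL is unreadable, and `Owner` tells you who can still fix the DACL. If your PowerShell version refuses `-Stream` on a directory, `cmd /c dir /r "<directory>"` lists the same stream names without the content preview.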

tashi
2016-06-19, 09:10
Hello Thedude87,

The log alone isn't showing a rootkit.

I have been having a pretty bad virus problem at work. Some 90 crappy WordPress websites were infected. I carried something home with me and have been dwindling the infection down. But now I am in unknown territory, so any help would be cool. Thanks in advance.


Is this a personal computer that you take to work? Please provide more information. :)

Best regards.

Thedude87
2016-06-20, 19:44
Personal PC. I believe the infection was carried home through my cell phone or USB storage. Any time I would run a .exe, the PC's CPU and disk would run like crazy, and whatever the malware was, it would change registry files and group permissions. I think I have all of that taken care of. But now, when I scan for spyware after a night of browsing while gaming, the scan the next morning may have anywhere from 80 to 1400 .sql cookies. Not normal, correct?

P.S. Sorry for the delayed response; I forgot to set email verification.

tashi
2016-06-20, 20:06
Hi Thedude87,

USBs that have been inserted into machines at school or work can be dangerous for a home computer and vice versa.

It might be best for someone to take a look at the system. Please see the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) sticky, which includes guidelines and, in post #2, instructions on how to provide the logs from Farbar Recovery Scan Tool and aswMBR; these are the logs used in the preliminary analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic in that forum providing the logs so a volunteer analyst can guide you; please also provide a link back to this thread. :)

Best regards.